Deploy controller node with nsx-t support
Change-Id: Iae2b2679b4f7bdbc1fe5b82aa2c0f2b46e032907
This commit is contained in:
parent
12f8f25427
commit
9728ea3bb4
|
@ -0,0 +1,38 @@
|
|||
#!/usr/bin/env ruby
|
||||
#^syntax detection
|
||||
# See https://github.com/bodepd/librarian-puppet-simple for additional docs
|
||||
#
|
||||
# Important information for fuel-library:
|
||||
# With librarian-puppet-simple you *must* remove the existing folder from the
|
||||
# repo prior to trying to run librarian-puppet as it will not remove the folder
|
||||
# for you and you may run into some errors.
|
||||
|
||||
# Pull in puppetlabs-stdlib
|
||||
mod 'stdlib',
|
||||
:git => 'https://github.com/fuel-infra/puppetlabs-stdlib.git',
|
||||
:ref => '4.9.0'
|
||||
|
||||
# Pull in puppetlabs-inifile
|
||||
mod 'inifile',
|
||||
:git => 'https://github.com/fuel-infra/puppetlabs-inifile.git',
|
||||
:ref => '1.4.2'
|
||||
|
||||
# Pull in puppet-neutron
|
||||
mod 'neutron',
|
||||
:git => 'https://github.com/fuel-infra/puppet-neutron.git',
|
||||
:ref => 'stable/mitaka'
|
||||
|
||||
## Pull in puppet-nova
|
||||
#mod 'nova',
|
||||
# :git => 'https://github.com/fuel-infra/puppet-nova.git',
|
||||
# :ref => 'stable/mitaka'
|
||||
#
|
||||
# Pull in puppet-openstacklib
|
||||
mod 'openstacklib',
|
||||
:git => 'https://github.com/fuel-infra/puppet-openstacklib.git',
|
||||
:ref => 'stable/mitaka'
|
||||
|
||||
## Pull in puppet-keystone
|
||||
#mod 'keystone',
|
||||
# :git => 'https://github.com/fuel-infra/puppet-keystone.git',
|
||||
# :ref => 'stable/mitaka'
|
|
@ -0,0 +1,20 @@
|
|||
notice('fuel-plugin-nsx-t: configure-agents-dhcp.pp')
|
||||
|
||||
neutron_dhcp_agent_config {
|
||||
'DEFAULT/ovs_integration_bridge': value => 'nsx-managed';
|
||||
'DEFAULT/interface_driver': value => 'neutron.agent.linux.interface.OVSInterfaceDriver';
|
||||
'DEFAULT/enable_metadata_network': value => true;
|
||||
'DEFAULT/enable_isolated_metadata': value => true;
|
||||
'DEFAULT/ovs_use_veth': value => true;
|
||||
}
|
||||
|
||||
if 'primary-controller' in hiera('roles') {
|
||||
exec { 'dhcp-agent-restart':
|
||||
command => "crm resource restart $(crm status|awk '/dhcp/ {print \$3}')",
|
||||
path => '/usr/bin:/usr/sbin:/bin:/sbin',
|
||||
logoutput => true,
|
||||
provider => 'shell',
|
||||
tries => 3,
|
||||
try_sleep => 10,
|
||||
}
|
||||
}
|
|
@ -31,6 +31,32 @@ nsx_config {
|
|||
'nsx_v3/default_edge_cluster_uuid': value => $edge_cluster;
|
||||
}
|
||||
|
||||
file { '/etc/neutron/plugin.ini':
|
||||
ensure => link,
|
||||
target => $::nsxt::params::nsx_plugin_config,
|
||||
replace => true,
|
||||
require => File[$::nsxt::params::nsx_plugin_dir]
|
||||
}
|
||||
|
||||
if !$settings['insecure'] {
|
||||
nsx_config { 'nsx_v3/insecure': value => $settings['insecure']; }
|
||||
|
||||
$ca_filename = try_get_value($settings['ca_file'],'name','')
|
||||
|
||||
if !empty($ca_filename) {
|
||||
$ca_certificate_content = $settings['ca_file']['content']
|
||||
$ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
|
||||
|
||||
nsx_config { 'nsx_v3/ca_file': value => $ca_file; }
|
||||
|
||||
file { $ca_file:
|
||||
ensure => present,
|
||||
content => $ca_certificate_content,
|
||||
require => File[$::nsxt::params::nsx_plugin_dir],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
File[$::nsxt::params::nsx_plugin_dir]->
|
||||
File[$::nsxt::params::nsx_plugin_config]->
|
||||
Nsx_config<||>
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
notice('fuel-plugin-nsx-t: create-repo.pp')
|
||||
|
||||
class { '::nsxt::create_repo': }
|
||||
include ::nsxt::params
|
||||
|
||||
$settings = hiera($::nsxt::params::hiera_key)
|
||||
$managers = $settings['nsx_api_managers']
|
||||
$username = $settings['nsx_api_user']
|
||||
$password = $settings['nsx_api_password']
|
||||
|
||||
class { '::nsxt::create_repo':
|
||||
managers => $managers,
|
||||
username => $username,
|
||||
password => $password,
|
||||
}
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
notice('fuel-plugin-nsx-t: gem-install.pp')
|
||||
|
||||
# ruby gem package must be pre installed before puppet module used
|
||||
package { ['ruby-json', 'ruby-rest-client']:
|
||||
ensure => latest,
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
notice('fuel-plugin-nsx-t: hiera-override.pp')
|
||||
|
||||
include ::nsxt::params
|
||||
|
||||
class { '::nsxt::hiera_override':
|
||||
override_file_name => $::nsxt::params::hiera_key,
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
notice('fuel-plugin-nsx-t: install-nsx-packages.pp')
|
||||
|
||||
$nsx_required_packages = ['libunwind8', 'zip', 'libgflags2', 'libgoogle-perftools4', 'traceroute',
|
||||
'python-mako', 'python-simplejson', 'python-support', 'python-unittest2',
|
||||
'python-yaml', 'python-netaddr', 'libprotobuf8',
|
||||
'libboost-filesystem1.54.0', 'dkms', 'libboost-chrono-dev',
|
||||
'libboost-iostreams1.54.0', 'libvirt0']
|
||||
|
||||
$nsx_packages = ['libgoogle-glog0', 'libjson-spirit', 'nicira-ovs-hypervisor-node', 'nsxa',
|
||||
'nsx-agent', 'nsx-aggservice', 'nsx-cli', 'nsx-da', 'nsx-host',
|
||||
'nsx-host-node-status-reporter', 'nsx-lldp', 'nsx-logical-exporter', 'nsx-mpa',
|
||||
'nsx-netcpa', 'nsx-sfhc', 'nsx-transport-node-status-reporter',
|
||||
'openvswitch-common', 'openvswitch-datapath-dkms', 'openvswitch-pki',
|
||||
'openvswitch-switch', 'python-openvswitch', 'tcpdump-ovs']
|
||||
|
||||
package { $nsx_required_packages:
|
||||
ensure => latest,
|
||||
}
|
||||
package { $nsx_packages:
|
||||
ensure => latest,
|
||||
require => [Package[$nsx_required_packages],Service['openvswitch-switch']]
|
||||
}
|
||||
service { 'openvswitch-switch':
|
||||
ensure => stopped,
|
||||
enable => false,
|
||||
}
|
||||
# This not shell(ubuntu dash) script, this bash script.
|
||||
# if you leave it there all the command like '/bin/sh -c' cannot be executed
|
||||
# example: start galera via pacemaker
|
||||
file { '/etc/profile.d/nsx-alias.sh':
|
||||
ensure => absent,
|
||||
require => Package[$nsx_packages],
|
||||
}
|
|
@ -0,0 +1,69 @@
|
|||
notice('fuel-plugin-nsx-t: neutron-server-start.pp')
|
||||
|
||||
include ::neutron::params
|
||||
|
||||
service { 'neutron-server-start':
|
||||
ensure => 'running',
|
||||
name => $::neutron::params::server_service,
|
||||
enable => true,
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
}
|
||||
|
||||
include ::nsxt::params
|
||||
|
||||
neutron_config {
|
||||
'DEFAULT/core_plugin': value => $::nsxt::params::core_plugin;
|
||||
'DEFAULT/service_plugins': ensure => absent;
|
||||
'service_providers/service_provider': ensure => absent;
|
||||
}
|
||||
|
||||
Neutron_config<||> ~> Service['neutron-server']
|
||||
|
||||
if 'primary-controller' in hiera('roles') {
|
||||
include ::neutron::db::sync
|
||||
|
||||
Exec['neutron-db-sync'] ~> Service['neutron-server-start']
|
||||
Neutron_config<||> ~> Exec['neutron-db-sync']
|
||||
|
||||
$neutron_config = hiera_hash('neutron_config')
|
||||
$management_vip = hiera('management_vip')
|
||||
$service_endpoint = hiera('service_endpoint', $management_vip)
|
||||
$ssl_hash = hiera_hash('use_ssl', {})
|
||||
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
||||
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
|
||||
$identity_uri = "${internal_auth_protocol}://${internal_auth_address}:5000"
|
||||
$auth_api_version = 'v2.0'
|
||||
$auth_url = "${identity_uri}/${auth_api_version}"
|
||||
$auth_password = $neutron_config['keystone']['admin_password']
|
||||
$auth_user = pick($neutron_config['keystone']['admin_user'], 'neutron')
|
||||
$auth_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services')
|
||||
$auth_region = hiera('region', 'RegionOne')
|
||||
$auth_endpoint_type = 'internalURL'
|
||||
|
||||
exec { 'waiting-for-neutron-api':
|
||||
environment => [
|
||||
"OS_TENANT_NAME=${auth_tenant}",
|
||||
"OS_USERNAME=${auth_user}",
|
||||
"OS_PASSWORD=${auth_password}",
|
||||
"OS_AUTH_URL=${auth_url}",
|
||||
"OS_REGION_NAME=${auth_region}",
|
||||
"OS_ENDPOINT_TYPE=${auth_endpoint_type}",
|
||||
],
|
||||
path => '/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
tries => '30',
|
||||
try_sleep => '15',
|
||||
command => 'neutron net-list --http-timeout=4 2>&1 > /dev/null',
|
||||
provider => 'shell',
|
||||
subscribe => Service['neutron-server'],
|
||||
refreshonly => true,
|
||||
}
|
||||
}
|
||||
|
||||
# fix add plugin.ini conf for neutron server
|
||||
exec { 'fix-plugin-ini':
|
||||
path => '/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
command => 'sed -ri \'s|NEUTRON_PLUGIN_CONFIG=""|NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugin.ini"|\' /usr/share/neutron-common/plugin_guess_func',
|
||||
provider => 'shell',
|
||||
before => Service['neutron-server'],
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
notice('fuel-plugin-nsx-t: neutron-server-stop.pp')
|
||||
|
||||
include ::neutron::params
|
||||
|
||||
service { 'neutron-server-stop':
|
||||
ensure => 'stopped',
|
||||
name => $::neutron::params::server_service,
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
notice('fuel-plugin-nsx-t: reg-controller-as-transport-node.pp')
|
||||
|
||||
include ::nsxt::params
|
||||
|
||||
$settings = hiera($::nsxt::params::hiera_key)
|
||||
$managers = $settings['nsx_api_managers']
|
||||
$user = $settings['nsx_api_user']
|
||||
$password = $settings['nsx_api_password']
|
||||
$uplink_profile_uuid = $settings['uplink_profile_uuid']
|
||||
$static_ip_pool_uuid = $settings['static_ip_pool_uuid']
|
||||
$transport_zone_uuid = $settings['transport_zone_uuid']
|
||||
$pnics_pairs = $settings['pnics_pairs']
|
||||
|
||||
nsxt_create_transport_node { 'Add transport node':
|
||||
ensure => present,
|
||||
managers => $managers,
|
||||
username => $user,
|
||||
password => $password,
|
||||
uplink_profile_id => $uplink_profile_uuid,
|
||||
pnics => $pnics_pairs,
|
||||
static_ip_pool_id => $static_ip_pool_uuid,
|
||||
transport_zone_id => $transport_zone_uuid,
|
||||
}
|
||||
|
||||
if !$settings['insecure'] {
|
||||
$ca_filename = try_get_value($settings['ca_file'],'name','')
|
||||
if empty($ca_filename) {
|
||||
# default path to ca for Ubuntu 14.0.4
|
||||
$ca_file = "/etc/ssl/certs/ca-certificates.crt"
|
||||
} else {
|
||||
$ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
|
||||
}
|
||||
Nsxt_create_transport_node { ca_file => $ca_file }
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
notice('fuel-plugin-nsx-t: reg-controller-on-management-plane.pp')
|
||||
|
||||
include ::nsxt::params
|
||||
|
||||
$settings = hiera($::nsxt::params::hiera_key)
|
||||
$managers = $settings['nsx_api_managers']
|
||||
$user = $settings['nsx_api_user']
|
||||
$password = $settings['nsx_api_password']
|
||||
|
||||
nsxt_add_to_fabric { 'Register controller node on management plane':
|
||||
ensure => present,
|
||||
managers => $managers,
|
||||
username => $user,
|
||||
password => $password,
|
||||
}
|
||||
|
||||
if !$settings['insecure'] {
|
||||
$ca_filename = try_get_value($settings['ca_file'],'name','')
|
||||
if empty($ca_filename) {
|
||||
# default path to ca for Ubuntu 14.0.4
|
||||
$ca_file = "/etc/ssl/certs/ca-certificates.crt"
|
||||
} else {
|
||||
$ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
|
||||
}
|
||||
Nsxt_add_to_fabric { ca_file => $ca_file }
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash -e
|
||||
repo_dir=$1
|
||||
component_archive=$2
|
||||
|
||||
mkdir -p "$repo_dir"
|
||||
cd "$repo_dir"
|
||||
tar --wildcards --strip-components=1 -zxvf "$component_archive" "*/"
|
||||
dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
|
||||
echo 'Label: nsx-t-protected-packages' > Release
|
||||
chmod 755 .
|
||||
chmod 644 *
|
||||
apt-get update
|
||||
rm -fr "${component_archive:?}"
|
|
@ -1 +0,0 @@
|
|||
Label: nsx-t-protected-packages
|
|
@ -0,0 +1,159 @@
|
|||
require 'rest-client'
|
||||
require 'json'
|
||||
require 'openssl'
|
||||
require 'open-uri'
|
||||
|
||||
module Puppet::Parser::Functions
|
||||
newfunction(:get_nsxt_components, :type => :rvalue, :doc => <<-EOS
|
||||
Returns the address of nsx-t manager, on which enable install-upgrade service
|
||||
example:
|
||||
get_nsxt_components('172.16.0.1,172.16.0.2,172.16.0.3', username, password)
|
||||
EOS
|
||||
) do |args|
|
||||
managers = args[0]
|
||||
username = args[1]
|
||||
password = args[2]
|
||||
managers.split(',').each do |manager|
|
||||
# Suppression scheme, NSX-T 1.0 supports only https scheme
|
||||
manager.to_s.strip =~ /(https?:\/\/)?(?<manager>.+)/
|
||||
manager = Regexp.last_match[:manager]
|
||||
service_enabled = check_service_enabled(manager, username, password)
|
||||
if service_enabled == 'error'
|
||||
next
|
||||
elsif service_enabled == 'disabled'
|
||||
service_enabled_on_manager = enable_upgrade_service(manager, username, password)
|
||||
else
|
||||
service_enabled_on_manager = service_enabled
|
||||
end
|
||||
if check_service_running(service_enabled_on_manager, username, password)
|
||||
return get_component(service_enabled_on_manager, username, password)
|
||||
else
|
||||
service_enabled_on_manager = enable_upgrade_service(service_enabled_on_manager, username, password)
|
||||
if check_service_running(service_enabled_on_manager, username, password)
|
||||
return get_component(service_enabled_on_manager, username, password)
|
||||
end
|
||||
end
|
||||
raise Puppet::Error,("\nCan not enable install-upgrade service on nsx-t manager\n")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def disable_upgrade_service(manager, username, password)
|
||||
debug("Try disable install-upgrade service on #{manager}")
|
||||
request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => false }}
|
||||
api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
|
||||
response = nsxt_api(api_url, username, password, 'put', request.to_json)
|
||||
debug("response:\n #{response}")
|
||||
if response['service_properties']['enabled'] == false
|
||||
return
|
||||
end
|
||||
raise Puppet::Error,("\nCannot disable install-upgrade service on nsx-t manager #{manager}\n")
|
||||
end
|
||||
|
||||
def get_component(manager, username, password)
|
||||
file_path = '/tmp/nsxt-components.tgz'
|
||||
component_url = get_component_url(manager, username, password)
|
||||
begin
|
||||
File.open(file_path, 'wb') do |saved_file|
|
||||
open(component_url, 'rb') do |read_file|
|
||||
saved_file.write(read_file.read)
|
||||
end
|
||||
end
|
||||
rescue => error
|
||||
raise Puppet::Error,("\nCan not get file from #{url}:\n#{error.message}\n")
|
||||
end
|
||||
disable_upgrade_service(manager, username, password)
|
||||
return file_path
|
||||
end
|
||||
|
||||
def get_component_url(manager, username, password)
|
||||
node_version = get_node_version(manager, username, password)
|
||||
begin
|
||||
manifest = open("http://#{manager}:8080/repository/#{node_version}/metadata/manifest").read
|
||||
rescue => error
|
||||
raise Puppet::Error,("\nCan not get url for nsx-t components from #{url}:\n#{error.message}\n")
|
||||
end
|
||||
manifest.split(/\n/).each do |str|
|
||||
if str.include? 'NSX_HOST_COMPONENT_UBUNTU_1404_TAR'
|
||||
url = str.split('=')[1]
|
||||
return "http://#{manager}:8080#{url}"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def get_node_version(manager, username, password)
|
||||
debug("Try get nsx-t node version from #{manager}")
|
||||
api_url = "https://#{manager}/api/v1/node"
|
||||
response = nsxt_api(api_url, username, password, 'get')
|
||||
debug("response:\n #{response}")
|
||||
if not response.to_s.empty?
|
||||
return response['node_version']
|
||||
end
|
||||
raise Puppet::Error,("\nCan not get node version from #{manager}\n")
|
||||
end
|
||||
|
||||
def check_service_enabled(manager, username, password)
|
||||
debug("Check install-upgrade service enabled on #{manager}")
|
||||
api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
|
||||
response = nsxt_api(api_url, username, password, 'get')
|
||||
debug("response:\n #{response}")
|
||||
if not response.to_s.empty?
|
||||
if response['service_properties']['enabled'] == true
|
||||
return response['service_properties']['enabled_on']
|
||||
end
|
||||
return 'disabled'
|
||||
end
|
||||
return 'error'
|
||||
end
|
||||
|
||||
def check_service_running(manager, username, password)
|
||||
debug("Check install-upgrade service running on #{manager}")
|
||||
api_url = "https://#{manager}/api/v1/node/services/install-upgrade/status"
|
||||
response = nsxt_api(api_url, username, password, 'get')
|
||||
debug("response:\n #{response}")
|
||||
if not response.to_s.empty?
|
||||
if response['runtime_state'] == 'running'
|
||||
return true
|
||||
end
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
||||
def enable_upgrade_service(manager, username, password)
|
||||
debug("Try enable install-upgrade service on #{manager}")
|
||||
request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => true }}
|
||||
api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
|
||||
response = nsxt_api(api_url, username, password, 'put', request.to_json)
|
||||
debug("response:\n #{response}")
|
||||
if response['service_properties']['enabled'] == true
|
||||
return response['service_properties']['enabled_on']
|
||||
end
|
||||
raise Puppet::Error,("\nCannot enable install-upgrade service on nsx-t manager #{manager}\n")
|
||||
end
|
||||
|
||||
def nsxt_api(api_url, username, password, method, request='', timeout=5)
|
||||
retry_count = 3
|
||||
begin
|
||||
if method == 'get'
|
||||
response = RestClient::Request.execute(method: :get, url: api_url, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE)
|
||||
elsif method == 'put'
|
||||
response = RestClient::Request.execute(method: :put, url: api_url, payload: request, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE, headers: {'Content-Type' => 'application/json'})
|
||||
end
|
||||
response_hash = JSON.parse(response.body)
|
||||
return response_hash
|
||||
rescue Errno::ECONNREFUSED
|
||||
notice("\nCan not get response from #{api_url} - 'Connection refused', try next if exist\n")
|
||||
return ""
|
||||
rescue Errno::EHOSTUNREACH
|
||||
notice("\nCan not get response from #{api_url} - 'No route to host', try next if exist\n")
|
||||
return ""
|
||||
rescue => error
|
||||
retry_count -= 1
|
||||
if retry_count > 0
|
||||
sleep 10
|
||||
retry
|
||||
else
|
||||
raise Puppet::Error,("\nCan not get response from #{api_url} :\n#{error.message}\n#{JSON.parse(error.response)['error_message']}\n")
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,24 @@
|
|||
require 'yaml'
|
||||
|
||||
module Puppet::Parser::Functions
|
||||
newfunction(:hiera_overrides, :doc => <<-EOS
|
||||
Custom function to override hiera parameters, the first argument -
|
||||
file name, where write new parameters in yaml format, ex:
|
||||
hiera_overrides('/etc/hiera/test.yaml')
|
||||
EOS
|
||||
) do |args|
|
||||
filename = args[0]
|
||||
hiera_overrides = {}
|
||||
|
||||
# override neutron_advanced_configuration
|
||||
neutron_advanced_configuration = {}
|
||||
neutron_advanced_configuration['neutron_dvr'] = false
|
||||
neutron_advanced_configuration['neutron_l2_pop'] = false
|
||||
neutron_advanced_configuration['neutron_l3_ha'] = false
|
||||
neutron_advanced_configuration['neutron_qos'] = false
|
||||
hiera_overrides['neutron_advanced_configuration'] = neutron_advanced_configuration
|
||||
|
||||
# write to hiera override yaml file
|
||||
File.open(filename, 'w') { |file| file.write(hiera_overrides.to_yaml) }
|
||||
end
|
||||
end
|
|
@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_add_to_fabric) do
|
|||
munge do |value|
|
||||
array = []
|
||||
value.split(',').each do |manager|
|
||||
manager.to_s.strip =~ /(https:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
|
||||
manager.to_s.strip =~ /(https?:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
|
||||
host= Regexp.last_match[:host]
|
||||
port = Regexp.last_match[:port]
|
||||
port = 443 if port.to_s.empty?
|
||||
|
|
|
@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_create_transport_node) do
|
|||
munge do |value|
|
||||
array = []
|
||||
value.split(',').each do |manager|
|
||||
manager.to_s.strip =~ /(https:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
|
||||
manager.to_s.strip =~ /(https?:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
|
||||
host= Regexp.last_match[:host]
|
||||
port = Regexp.last_match[:port]
|
||||
port = 443 if port.to_s.empty?
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
class nsxt::create_repo (
|
||||
$managers,
|
||||
$username,
|
||||
$password,
|
||||
$repo_dir = '/opt/nsx-t-repo',
|
||||
$repo_file = '/etc/apt/sources.list.d/nsx-t-local.list',
|
||||
$repo_pref_file = '/etc/apt/preferences.d/nsx-t-local.pref',
|
||||
) {
|
||||
file { $repo_dir:
|
||||
ensure => directory,
|
||||
$component_archive = get_nsxt_components($managers, $username, $password)
|
||||
|
||||
file { '/tmp/create_repo.sh':
|
||||
ensure => file,
|
||||
mode => '0755',
|
||||
source => "puppet:///modules/${module_name}/packages",
|
||||
recurse => true,
|
||||
force => true,
|
||||
source => "puppet:///modules/${module_name}/create_repo.sh",
|
||||
replace => true,
|
||||
}
|
||||
file { $repo_file:
|
||||
ensure => file,
|
||||
|
@ -24,8 +28,8 @@ class nsxt::create_repo (
|
|||
}
|
||||
exec { 'Create repo':
|
||||
path => '/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
command => "cd ${repo_dir} && dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz",
|
||||
command => "/tmp/create_repo.sh ${repo_dir} ${component_archive}",
|
||||
provider => 'shell',
|
||||
require => File[$repo_dir],
|
||||
require => File['/tmp/create_repo.sh'],
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
class nsxt::hiera_override (
|
||||
$override_file_name,
|
||||
) {
|
||||
$override_file_path = "/etc/hiera/plugins/${override_file_name}.yaml"
|
||||
hiera_overrides($override_file_path)
|
||||
}
|
|
@ -1,3 +1,36 @@
|
|||
- id: nsx-t-hiera-override
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
- controller
|
||||
- compute
|
||||
required_for:
|
||||
- netconfig
|
||||
requires:
|
||||
- globals
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/hiera-override.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 120
|
||||
|
||||
- id: nsx-t-gem-install
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
- controller
|
||||
- compute
|
||||
required_for:
|
||||
- nsx-t-reg-controller-on-management-plane
|
||||
- nsx-t-reg-controller-as-transport-node
|
||||
requires:
|
||||
- setup_repositories
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/gem-install.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 300
|
||||
|
||||
- id: nsx-t-create-repo
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
|
@ -6,13 +39,34 @@
|
|||
- controller
|
||||
- compute
|
||||
required_for:
|
||||
- pre_deployment_end
|
||||
- netconfig
|
||||
requires:
|
||||
- pre_deployment_start
|
||||
- nsx-t-gem-install
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/create-repo.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 120
|
||||
timeout: 600
|
||||
strategy:
|
||||
type: one_by_one
|
||||
|
||||
- id: nsx-t-install-packages
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
- controller
|
||||
- compute
|
||||
required_for:
|
||||
- openstack-network-start
|
||||
- database
|
||||
- primary-database
|
||||
requires:
|
||||
- netconfig
|
||||
- nsx-t-create-repo
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/install-nsx-packages.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 300
|
||||
|
||||
- id: nsx-t-install-plugin
|
||||
version: 2.0.0
|
||||
|
@ -21,9 +75,9 @@
|
|||
- primary-controller
|
||||
- controller
|
||||
required_for:
|
||||
- nsx-t-configure-plugin
|
||||
- openstack-network-end
|
||||
requires:
|
||||
- openstack-network-common-config
|
||||
- openstack-network-server-config
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/install-nsx-plugin.pp
|
||||
puppet_modules: puppet/modules
|
||||
|
@ -36,10 +90,142 @@
|
|||
- primary-controller
|
||||
- controller
|
||||
required_for:
|
||||
- openstack-network-neutron-start
|
||||
- openstack-network-end
|
||||
requires:
|
||||
- openstack-network-server-nova
|
||||
- nsx-t-install-plugin
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/configure-plugin.pp
|
||||
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 60
|
||||
|
||||
- id: nsx-t-neutron-server-stop
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
- controller
|
||||
required_for:
|
||||
- openstack-network-end
|
||||
requires:
|
||||
- openstack-network-server-config
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/neutron-server-stop.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 60
|
||||
|
||||
- id: nsx-t-primary-neutron-server-start
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
required_for:
|
||||
- primary-openstack-network-agents-metadata
|
||||
- primary-openstack-network-agents-dhcp
|
||||
- openstack-network-networks
|
||||
requires:
|
||||
- nsx-t-configure-plugin
|
||||
cross-depends:
|
||||
- name: nsx-t-neutron-server-stop
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/neutron-server-start.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 300
|
||||
|
||||
- id: nsx-t-reg-controller-on-management-plane
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
- controller
|
||||
required_for:
|
||||
- primary-openstack-network-agents-metadata
|
||||
- primary-openstack-network-agents-dhcp
|
||||
requires:
|
||||
- nsx-t-install-packages
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/reg-controller-on-management-plane.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 300
|
||||
|
||||
- id: nsx-t-reg-controller-as-transport-node
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
- controller
|
||||
required_for:
|
||||
- primary-openstack-network-agents-metadata
|
||||
- primary-openstack-network-agents-dhcp
|
||||
requires:
|
||||
- nsx-t-reg-controller-on-management-plane
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/reg-controller-as-transport-node.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 300
|
||||
|
||||
- id: nsx-t-neutron-server-start
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- controller
|
||||
requires:
|
||||
- nsx-t-neutron-server-stop
|
||||
- nsx-t-configure-plugin
|
||||
required_for:
|
||||
- openstack-network-agents-metadata
|
||||
- openstack-network-agents-dhcp
|
||||
cross-depends:
|
||||
- name: nsx-t-primary-neutron-server-start
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/neutron-server-start.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 120
|
||||
strategy:
|
||||
type: one_by_one
|
||||
|
||||
- id: nsx-t-primary-configure-agents-dhcp
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- primary-controller
|
||||
required_for:
|
||||
- openstack-network-networks
|
||||
requires:
|
||||
- primary-openstack-network-agents-dhcp
|
||||
cross-depends:
|
||||
- name: nsx-t-configure-agents-dhcp
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/configure-agents-dhcp.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 180
|
||||
|
||||
- id: nsx-t-configure-agents-dhcp
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups:
|
||||
- controller
|
||||
required_for:
|
||||
- openstack-network-end
|
||||
requires:
|
||||
- openstack-network-agents-dhcp
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/configure-agents-dhcp.pp
|
||||
puppet_modules: puppet/modules
|
||||
timeout: 120
|
||||
|
||||
# skipped tasks
|
||||
- id: openstack-network-networks
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
- id: primary-openstack-network-plugins-l2
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
- id: openstack-network-plugins-l2
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
- id: primary-openstack-network-agents-l3
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
- id: openstack-network-agents-l3
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
|
|
|
@ -1,6 +1,21 @@
|
|||
attributes:
|
||||
metadata:
|
||||
group: network
|
||||
insecure:
|
||||
value: true
|
||||
label: "Bypass NSX Manager certificate verification"
|
||||
description: ''
|
||||
weight: 1
|
||||
type: 'checkbox'
|
||||
ca_file:
|
||||
value: ''
|
||||
label: 'CA certificate file'
|
||||
description: 'Specify a CA certificate file to use in NSX Manager certificate verification'
|
||||
weight: 5
|
||||
type: 'file'
|
||||
restrictions:
|
||||
- condition: "settings:nsx-t.insecure.value == true"
|
||||
action: "hide"
|
||||
nsx_api_managers:
|
||||
value: ''
|
||||
label: 'NSX Manager'
|
||||
|
@ -62,3 +77,33 @@ attributes:
|
|||
source: *uuid
|
||||
error: 'Enter cluster UUID'
|
||||
type: "text"
|
||||
uplink_profile_uuid:
|
||||
value: ''
|
||||
label: 'Uplink profile ID'
|
||||
weight: 45
|
||||
regex:
|
||||
source: *uuid
|
||||
error: 'Enter uplink profile ID'
|
||||
type: "text"
|
||||
static_ip_pool_uuid:
|
||||
value: ''
|
||||
label: 'IP pool ID for STT VTEP'
|
||||
weight: 50
|
||||
regex:
|
||||
source: *uuid
|
||||
error: 'Enter IP pool ID'
|
||||
type: "text"
|
||||
transport_zone_uuid:
|
||||
value: ''
|
||||
label: 'Transport zone ID'
|
||||
weight: 55
|
||||
regex:
|
||||
source: *uuid
|
||||
error: 'Enter transport zone ID'
|
||||
type: "text"
|
||||
pnics_pairs:
|
||||
value: 'enp0s1:uplink-1'
|
||||
label: 'Colon separated pnics pairs, one per line'
|
||||
min: 1
|
||||
weight: 60
|
||||
type: "textarea"
|
||||
|
|
|
@ -1,5 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Add here any the actions which are required before plugin build
|
||||
# like packages building, packages downloading from mirrors and so on.
|
||||
# The script should return 0 if there were no errors.
|
||||
|
||||
set -eux
|
||||
|
||||
ROOT="$(dirname $(readlink -f $0))"
|
||||
PLUGIN_MOD_DIR="$ROOT/deployment_scripts/puppet/modules/upstream"
|
||||
MODULE_NAME='nsxt'
|
||||
|
||||
# Download upstream puppet modules that are not in fuel-library/
|
||||
find "$ROOT/deployment_scripts/puppet/modules" -maxdepth 1 -mindepth 1 -type d ! -name $MODULE_NAME -prune -exec rm -fr {} \;
|
||||
"$ROOT"/update_modules.sh -d "$PLUGIN_MOD_DIR"
|
||||
|
||||
# Remove .git directory
|
||||
rm -fr $(find "${PLUGIN_MOD_DIR:?}" -name '.git' )
|
||||
|
||||
mv "$PLUGIN_MOD_DIR"/* "$(dirname $PLUGIN_MOD_DIR)"
|
||||
|
||||
# Download puppet modules that are in fuel-library/
|
||||
TARBALL_VERSION='stable/mitaka'
|
||||
REPO_PATH="https://github.com/openstack/fuel-library/tarball/${TARBALL_VERSION}"
|
||||
#
|
||||
wget -qO- "$REPO_PATH" | tar --wildcards -C "$PLUGIN_MOD_DIR" --strip-components=3 -zxvf - "openstack-fuel-library-*/deployment/puppet/"
|
||||
mv "$PLUGIN_MOD_DIR"/osnailyfacter/lib/puppet/parser/functions/get_ssl_property.rb "$(dirname $PLUGIN_MOD_DIR)"/$MODULE_NAME/lib/puppet/parser/functions
|
||||
|
||||
# clean
|
||||
rm -fr "$PLUGIN_MOD_DIR"
|
||||
|
|
|
@ -0,0 +1,164 @@
|
|||
#!/bin/bash -e
|
||||
###############################################################################
|
||||
#
|
||||
# Copyright 2015 Mirantis, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
###############################################################################
|
||||
#
|
||||
# update_modules.sh
|
||||
#
|
||||
# This script uses librarian-puppet-simple to populate the puppet folder with
|
||||
# upstream puppet modules. By default, it assumes librarian-puppet-simple is
|
||||
# already available to the environment or it will fail. You can provide command
|
||||
# line options to have the script use bundler to install librarian-puppet-simple
|
||||
# if neccessary.
|
||||
#
|
||||
# Parameters:
|
||||
# -b - Use bundler to install librarian-puppet (optional)
|
||||
# -r - Hard git reset of librarian managed modules back to specified version (optional)
|
||||
# -p <puppet_version> - Puppet version to use with bundler (optional)
|
||||
# -h <bundle_dir> - Folder to be used as the home directory for bundler (optional)
|
||||
# -g <gem_home> - Folder to be used as the gem directory (optional)
|
||||
# -u - Run librarian update (optional)
|
||||
# -v - Verbose printing, turns on set -x (optional)
|
||||
# -? - This usage information
|
||||
#
|
||||
# Variables:
|
||||
# PUPPET_GEM_VERSION - the version of puppet to be pulled down by bundler
|
||||
# Defaults to '3.4.3'
|
||||
# BUNDLE_DIR - The folder to store the bundle gems in.
|
||||
# Defaults to '/var/tmp/.bundle_home'
|
||||
# GEM_HOME - The folder to store the gems in to not require root.
|
||||
# Defaults to '/var/tmp/.gem_home'
|
||||
#
|
||||
# NOTE: These variables can be overriden via bash environment variable with the
|
||||
# same name or via the command line paramters.
|
||||
#
|
||||
# Author: Alex Schultz <aschultz@mirantis.com>
|
||||
#
|
||||
###############################################################################
|
||||
set -e
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $(basename $0) [-b] [-r] [-p <puppet_version>] [-h <bundle_dir>] [-g <gem_home>] [-u] [-?]
|
||||
|
||||
Options:
|
||||
-b - Use bundler instead of assuming librarian-puppet is available
|
||||
-r - Hard git reset of librarian managed modules back to specified version
|
||||
-p <puppet_version> - Puppet version to use with bundler
|
||||
-h <bundle_dir> - Folder to be used as the home directory for bundler
|
||||
-g <gem_home> - Folder to be used as the gem directory
|
||||
-u - Run librarian update
|
||||
-v - Verbose printing of commands
|
||||
-d - Patch where modules to install
|
||||
-? - This usage information
|
||||
|
||||
EOF
|
||||
exit 1
|
||||
}
|
||||
|
||||
while getopts ":bp:g:h:vru:d:" opt; do
|
||||
case $opt in
|
||||
b)
|
||||
USE_BUNDLER=true
|
||||
BUNDLER_EXEC="bundle exec"
|
||||
;;
|
||||
p)
|
||||
PUPPET_GEM_VERSION=$OPTARG
|
||||
;;
|
||||
h)
|
||||
BUNDLE_DIR=$OPTARG
|
||||
;;
|
||||
g)
|
||||
GEM_HOME=$OPTARG
|
||||
;;
|
||||
r)
|
||||
RESET_HARD=true
|
||||
;;
|
||||
u)
|
||||
UPDATE=true
|
||||
;;
|
||||
v)
|
||||
VERBOSE='--verbose'
|
||||
set -x
|
||||
;;
|
||||
d)
|
||||
PLUGIN_MOD_DIR=$OPTARG
|
||||
;;
|
||||
\?)
|
||||
usage
|
||||
;;
|
||||
:)
|
||||
echo "Option -$OPTARG requires an argument." >&2
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift "$((OPTIND-1))"
|
||||
|
||||
DEPLOYMENT_DIR=$(cd $(dirname $0) && pwd -P)
|
||||
# Timeout in seconds for running puppet librarian
|
||||
TIMEOUT=600
|
||||
export PUPPET_GEM_VERSION=${PUPPET_GEM_VERSION:-'~>3.8'}
|
||||
export BUNDLE_DIR=${BUNDLE_DIR:-'/var/tmp/.bundle_home'}
|
||||
export GEM_HOME=${GEM_HOME:-'/var/tmp/.gem_home'}
|
||||
|
||||
# We need to be in the deployment directory to run librarian-puppet-simple
|
||||
cd $DEPLOYMENT_DIR
|
||||
|
||||
if [ "$USE_BUNDLER" = true ]; then
|
||||
# ensure bundler is installed
|
||||
bundle --version
|
||||
|
||||
# update bundler modules
|
||||
bundle update
|
||||
fi
|
||||
|
||||
# if no timeout command, return true so we don't fail this script (LP#1510665)
|
||||
TIMEOUT_CMD=$(type -P timeout || true)
|
||||
if [ -n "$TIMEOUT_CMD" ]; then
|
||||
TIMEOUT_CMD="$TIMEOUT_CMD $TIMEOUT"
|
||||
fi
|
||||
|
||||
# Check to make sure if the folder already exists, it has a .git so we can
|
||||
# use git on it. If the mod folder exists, but .git doesn't then remove the mod
|
||||
# folder so it can be properly installed via librarian.
|
||||
for MOD in $(grep "^mod" Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
|
||||
MOD_DIR="${PLUGIN_MOD_DIR}/${MOD}"
|
||||
if [ -d $MOD_DIR ] && [ ! -d "${MOD_DIR}/.git" ];
|
||||
then
|
||||
rm -rf "${MOD_DIR}"
|
||||
fi
|
||||
done
|
||||
|
||||
# run librarian-puppet install to populate the modules if they do not already
|
||||
# exist
|
||||
$TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet install $VERBOSE --path=${PLUGIN_MOD_DIR}
|
||||
|
||||
# run librarian-puppet update to ensure the modules are checked out to the
|
||||
# correct version
|
||||
if [ "$UPDATE" = true ]; then
|
||||
$TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet update $VERBOSE --path=${PLUGIN_MOD_DIR}
|
||||
fi
|
||||
|
||||
# do a hard reset on the librarian managed modules LP#1489542
|
||||
if [ "$RESET_HARD" = true ]; then
|
||||
for MOD in $(grep "^mod " Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
|
||||
cd "${PLUGIN_MOD_DIR}/${MOD}"
|
||||
git reset --hard
|
||||
done
|
||||
cd $DEPLOYMENT_DIR
|
||||
fi
|
Loading…
Reference in New Issue